Identity and Access Management Flashcards
Which of these does Mike give as an example of an inherence factor?
A) Hardware token
B) Username/password
C) Fingerprint reader
D) Smart card
C) Fingerprint reader
Fingerprint reader is correct. Hardware token and smart card are possession factors, and username/password is a knowledge factor.
Which type of access control is based on data labels?
A) DAC
B) MAC
C) RBAC
D) HMAC
B) MAC
MAC is correct. In DAC, the owner defines the data. In RBAC, an administrator uses a set of rules to define data authorization. HMAC is an authentication code and is not related to access control lists.
What determines the number of times you can unsuccessfully attempt to log in before you are shut out of the system for a specified period?
A) Local Security Policy
B) Maximum password age
C) Account lockout duration
D) Account lockout threshold
D) Account lockout threshold
Account lockout threshold is correct. Local Security Policy is where all of these settings are located; maximum password age only relates to how long a password is active before it must be changed; and account lockout duration is how long the user will be locked out of the system before he can attempt to log on again.
In Linux file permissions, which action does the letter “r” allow?
A) Open a file
B) Edit a file
C) Run a file or execute a program
D) None of the above
A) Open a file
Open a file is correct. You need the “r” (read) permission to open a file, editing a file requires the “w” (write) permission, and the “x” (execute) permission enables you to run a file or execute a program.
True or false: Mike says shared accounts are a good idea in an enterprise environment.
A) True
B) False
B) False
False. He says shared accounts are a sign of lazy security.
What is the RADIUS supplicant?
A) The system trying to authenticate
B) The system checking the authentication
C) The system acting as the gateway
D) The connection between the gateway and the system checking the authentication
A) The system trying to authenticate
The system trying to authenticate is correct. The system that checks the authentication is the RADIUS server. The system that acts as the gateway is the RADIUS client, and the last option has nothing to do with RADIUS setup or functionality.
Using Kerberos, what is the domain controller called?
A) PAP
B) CHAP
C) Gateway
D) Key distribution center
D) Key distribution center
Key distribution center is correct. PAP and CHAP are both authentication methods, and a gateway is the system that routes traffic from inside to outside a network.
Which of these is a tool you could use to set up single sign-on within a LAN?
A) SAML
B) Windows Active Directory
C) SAMBA
D) VPN
B) Windows Active Directory
Windows Active Directory is correct. SAML is used mainly for web applications, SAMBA is the protocol that allows Linux machines to use Active Directory, and VPN is used to access a network from far away.